The UK has pledged £15 million to commonwealth countries to stay secure against cyber attacks, almost a year on from the infamous WannaCry cyber attack, which crippled 683 NHS organisations. Despite a “lessons learned” report from the Department of Health and Social Care, there remains much work to be done to secure critical infrastructures from cyber attack.
The scale of modern cyber threats is mounting, with a recent study reporting that cyber attackers are now automating up to 80% of their hacking processes.
In the case of the NHS attack, decades-old Windows XP operating systems were still being used, leaving systems vulnerable. World Wide Technology, a global systems integrator, warns that with the developing threat of cyber attacks, and the growing complexity of managing enterprise-level IT systems, software will need to be patched yet more regularly.
Ben Boswell, VP Europe at World Wide Technology, has advised that the relationship between software providers and organisations should be governed by a new breed of Enterprise Agreements (EAs).
In fast-moving areas of technology, such as security, these agreements are beginning to replace the standard purchasing model of buying successive products, which can so quickly leave companies lagging behind. EAs allow organisations to guarantee software support and therefore greater resilience in the face of growing cyber threats.
Ben comments, “In large, complex organisations, it can be difficult to make sure every system is kept up to date – especially those like the NHS, where staff are under huge stress and time pressure. But using software that is no longer supported by the manufacturer effectively puts a target on the back of organisations for malicious hackers, particularly as hacking becomes more automated.
“Cyber attacks to various companies and organisation over the last year demonstrate that IT should be at the forefront of operations planning in any large organisation of national importance.”
He continues, “The product-by-product approach, where large-scale IT infrastructure is bought on an ad-hoc basis and fully updated infrequently, sometimes only once every decade, leaves organisations incredibly vulnerable to attack.
“One way to tackle this problem is to engage in an Enterprise Agreement (EA), a contract between customer and supplier whereby hardware and software are fully supported on a rolling basis.
“In recent years EAs have evolved to better accommodate the changing needs of businesses, who are looking for increasing flexibility. Many EAs now include security, network and other hardware support in the same package as well as being available on a pay-by-usage policy. This means firms can accelerate innovation into their IT systems through just one agreement.”